Applications AWS

Oracle WebLogic Server 14c on AWS User Guide

Oracle WebLogic Server 14c on AWS

This guide covers launching, connecting to, and administering an Oracle WebLogic Server 14c (14.1.2) instance from the cloudimg AWS Marketplace image. The image delivers WebLogic 14c with JDK 21 LTS on Oracle Linux 8 or AlmaLinux 8, with a base_domain AdminServer pre-configured and a per-instance admin password generated on first boot.

What is Oracle WebLogic Server?

Oracle WebLogic Server is the leading Java EE and Jakarta EE application server for deploying enterprise applications. WebLogic 14c (version 14.1.2.0.0) is the current long-term support release, succeeding the 12c generation. It supports Java EE 8 and Jakarta EE 8 applications, JDBC datasources, JMS, EJBs, and the full enterprise Java stack.

The AdminServer listens on port 7001 and serves the WebLogic sign-in page; full domain administration is also available via the WebLogic Remote Console desktop application and via the WLST scripting tool. A NodeManager is configured on port 5556 for managed-server lifecycle operations.

Supported Versions

The "Oracle WebLogic Server" listing offers more than one delivery option. This image provides WebLogic 14c (14.1.2.0.0) on Oracle Linux 8 or AlmaLinux 8; the listing also offers WebLogic 15c on AlmaLinux 9 or Oracle Linux 9. All variants deploy the same core application server with the base_domain AdminServer configuration and the same first-boot password rotation.

Connecting to Your Instance

OS Variant SSH Login User
Oracle Linux 8 ec2-user
AlmaLinux 8 ec2-user

Connect using the key pair you selected at launch:

ssh -i your-key.pem ec2-user@<instance-public-ip>

First Boot — Password Generation

On the first boot of your instance, the cloudimg-weblogic-firstboot.service systemd unit runs automatically. It:

  1. Starts the WebLogic AdminServer
  2. Generates a fresh cryptographically random admin password unique to this instance
  3. Rotates the weblogic user password via WLST
  4. Writes credentials to /stage/scripts/weblogic-credentials.log (readable by root only)
  5. Restarts the AdminServer with the new password
  6. Touches the sentinel file /var/lib/cloudimg/weblogic-firstboot.done

To retrieve your credentials:

sudo cat /stage/scripts/weblogic-credentials.log

The file contains the weblogic username, the per-instance password, and the domain home path. Treat it as a secret — it is readable only by root (chmod 0600).

Verifying the Installation

JDK and WebLogic Versions

/u01/java/jdk-21/bin/java -version
sudo unzip -p /u01/app/oracle/product/wlserver/server/lib/weblogic.jar META-INF/MANIFEST.MF | grep Implementation-Version
sudo systemctl is-active weblogic.service nodemanager.service
sudo systemctl is-enabled weblogic.service nodemanager.service

JDK 21 version, WebLogic 14.1.2.0.0 Implementation-Version, and weblogic.service active (running)

WebLogic Sign In Page

Open a browser and navigate to http://<instance-public-ip>:7001/console/welcome/. You should see the Oracle WebLogic Server Sign In page:

Oracle WebLogic Server 14.1.2 Sign In page at port 7001

After Sign In

Sign in with username weblogic and the password from /stage/scripts/weblogic-credentials.log. After authentication you will see the WebLogic Server 14.1.2 welcome page:

Welcome to WebLogic Server 14.1.2 management page after authentication

The welcome page confirms the AdminServer is running and is the starting point for domain management.

WebLogic Remote Console

WebLogic Server 14.1.2 also supports the WebLogic Remote Console for administration. Download it from Oracle:

https://docs.oracle.com/en/middleware/standalone/weblogic-server/14.1.2.0/wlmgc/

After installing the Remote Console on your workstation, create a new connection:

  • Connection Type: Admin Server
  • URL: http://<instance-public-ip>:7001
  • Username: weblogic
  • Password: from /stage/scripts/weblogic-credentials.log

The Remote Console provides a full domain management interface for deploying applications, configuring JDBC datasources, managing JMS, viewing server logs, and administering security realms.

WLST (WebLogic Scripting Tool)

WLST is a command-line administration tool available on the instance. Switch to the oracle user and start WLST:

sudo su - oracle
export JAVA_HOME=/u01/java/jdk-21
/u01/app/oracle/product/wlserver/common/bin/wlst.sh

Connect to the running AdminServer:

connect('weblogic', '<password>', 't3://127.0.0.1:7001')

Useful WLST commands:

# Show AdminServer runtime state
serverRuntime()
cmo.getState()

# List deployed applications
domainConfig()
ls('/AppDeployments')

# Inspect server configuration
serverConfig()
cd('/Servers/AdminServer')
ls()

# Exit
disconnect()
exit()

Managing the WebLogic Services

The AdminServer is managed by the weblogic.service systemd unit and the NodeManager by nodemanager.service:

sudo systemctl status weblogic.service --no-pager
sudo systemctl status nodemanager.service --no-pager

To start, stop, or restart the AdminServer:

sudo systemctl start weblogic.service
sudo systemctl stop weblogic.service
sudo systemctl restart weblogic.service

Deploying Applications

To deploy a Java EE application (WAR, EAR, or JAR), use the WebLogic Remote Console or WLST. With WLST:

sudo su - oracle
export JAVA_HOME=/u01/java/jdk-21
/u01/app/oracle/product/wlserver/common/bin/wlst.sh

Then in WLST:

connect('weblogic', '<password>', 't3://127.0.0.1:7001')
deploy('myapp', '/path/to/myapp.war', targets='AdminServer')

Configuring JDBC Datasources

JDBC datasources can be created via the WebLogic Remote Console or WLST. Example WLST session:

connect('weblogic', '<password>', 't3://127.0.0.1:7001')
edit()
startEdit()
cd('/JDBCSystemResources')
cmo.createJDBCSystemResource('MyDataSource')
# ... configure driver, URL, credentials
activate()

Installation Layout

Path Description
/u01/java/jdk-21 JDK 21 LTS (symlink to jdk-21.0.11)
/u01/app/oracle/product WebLogic Middleware home (MW_HOME)
/u01/app/oracle/product/wlserver WebLogic Server home (WL_HOME)
/u01/app/oracle/product/user_projects/domains/base_domain AdminServer domain home
/stage/scripts/weblogic-credentials.log Per-instance credentials (root 0600)
/var/lib/cloudimg/weblogic-firstboot.done Firstboot sentinel
/var/log/cloudimg-weblogic-firstboot.log Firstboot service log

Security Notes

  • The admin password is unique per instance and is never shared across AMIs.
  • /stage/scripts/weblogic-credentials.log is readable only by root (chmod 0600).
  • Port 7001 is exposed by default for WebLogic management. Restrict access using AWS Security Groups for production deployments.
  • SELinux ships in a non-enforcing mode (WebLogic's ClassLoader and JNI are not compatible with enforcing SELinux). Consider additional OS-level hardening for production deployments.
  • Change the admin password after first login using the WebLogic Remote Console or WLST for additional security.

Support

This image is maintained by cloudimg. For technical support, deployment assistance, application configuration, JVM tuning, and upgrades, contact cloudimg support at support@cloudimg.co.uk.